| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
| Cc: | Asia <asia123321(at)op(dot)pl>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Universal certificate for verify-full ssl connection |
| Date: | 2011-05-31 08:52:17 |
| Message-ID: | BANLkTinQ7gSUwB+dbGXpQBeWc33Qh+yNug@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tue, May 31, 2011 at 10:06, Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> wrote:
> On 31/05/11 15:40, Asia wrote:
>
>> Would you please advise what I am doing wrong? Or maybe there is other way to generate wildcard certificate ? Or maybe this is a possible bug?
>
> I wouldn't be surprised if libpq didn't support wildcard certificates at
> all. I doubt there's ever been any demand for them.
It certainly does, and it's an important feature.
However, it's not intended to be used with IPs, it's intended to be
used with hostnames. The wildcard pattern has to start with "*."
(including the dot) to be considered. Thus a simple '*' in the
wildcard will not work, and anything starting with '*.' will never
match all IPs.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tarlika Elisabeth Schmitz | 2011-05-31 09:51:36 | Re: trigger - dynamic WHERE clause |
| Previous Message | Craig Ringer | 2011-05-31 08:06:02 | Re: Universal certificate for verify-full ssl connection |